Multiple DHCP Scopes associated with VLANs

Discussion in 'Cisco' started by bck, Apr 9, 2006.

  1. bck

    bck Guest

    Hi there,
    First of all I'm from Switzerland. Therefore I'm pre-sorry for my bad
    English.

    My Problem is the following:
    I'm trying to set up a Cisco 1231 AP (IOS 12.3). I configured (with
    the GUI) an SSID 'intern' associated with the VLAN 250.
    Now I got the two new virtual Interfaces Dot11radio0.250 and
    FastEthernet0.250.
    They are both in the 'bridge-group 250'. The physical interface
    'Dot11radio0' itself is in the 'Bridge-group 1' as well as the physical
    interface FastEthernet0.

    Now I configured these DHCP Scopes like that:

    ip dhcp excluded-address 10.1.0.1 10.1.0.2
    ip dhcp pool INTERN
    network 10.1.0.0 /28
    lease 10

    ip dhcp excluded-address 10.0.0.1 10.0.0.3
    ip dhcp pool DEFAULT
    network 10.0.0.0 /28
    lease 10

    The following IP settings are set:
    Dot11radio0: no ip address
    Dot11radio0.250 : 10.1.0.1 /28
    FastEthernet0: no ip address
    FastEthernet0.250: no ip address
    BVI 1: 10.0.0.2 /28

    Now when I try to connect to the AP using the SSID 'intern', I get no
    IP-Address.

    I even tried to configure a BVI 250 interface with the IP-Address
    10.1.0.2 /28, it doesn't help. On the AP I turned on all 'debug ip dhcp
    server' stuff and I don't even see a DHCPDISCOVER.
    I also tried to abstract the Dot11radio0 interface from the
    bridge-group 1 which isn't allowed as the AP says.

    Probably I don't understand the Bridge-group thing very well but isn't
    it inconsistent when the 'root' interface dot11radio0 is in
    bridge-group 1 and the sub-if dot11radio0.250 itself is in bridge-group
    250?

    I tried one more thing:
    I did exactly the same configuration (in the GUI) without assigning the
    SSID 'intern' to a VLAN. In that case I get an IP Address out of the
    DEFAULT Pool.

    ---

    You probably wanna know where I actually want to get:
    The target is to set up 3 SSIDs.
    intern: clients that are allowed to communicate with the wired LAN and
    the WAN
    extern: clients that are allowed to communicate with the WAN
    infrastructure: ssid-infrastructure to add a repeater-device later

    To get that I think I need different address pools so that I can easily
    set up the access-lists.

    Well, pre-thanks
    greets bck
    bck, Apr 9, 2006
    #1

  2. bck

    Merv Guest

    please post

    1. show version

    2. show run

    3. conf t
    logging buffer 10000 debug
    exit
    wri mem

    clear log

    debug dhcp detail

    ! have wireless client associate to SSID and attempt to obtain DHCP
    address

    undebug all

    4. post output of "show log" after associate with AP
    Merv, Apr 9, 2006
    #2

  3. bck

    bck Guest

    1. show version
    Cisco IOS Software, C1200 Software (C1200-K9W7-M), Version 12.3(7)JA2, RELEASE SOFTWARE (fc1)
    BOOTLDR: C1200 Boot Loader (C1200-BOOT-M) Version 12.2(8)JA, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)

    32K bytes of flash-simulated non-volatile configuration memory.
    Base ethernet MAC Address: 00:12:00:9D:F3:60
    Part Number : 73-8704-07
    PCA Assembly Number : 800-23211-08
    PCA Revision Number : A0
    PCB Serial Number : FOC08350KSM
    Top Assembly Part Number : 800-23304-07
    Top Assembly Serial Number : FCZ0841Z0YR
    Top Revision Number : B0
    Product/Model Number : AIR-AP1231G-E-K9



    2. show run
    !
    version 12.3
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname IPA2006_AP1
    !
    enable secret 5 $1$SmqK$SohoAaAZCXOxIzUeh5WOw/
    !
    ip subnet-zero
    ip dhcp excluded-address 10.1.0.1
    ip dhcp excluded-address 10.0.0.1 10.0.0.3
    !
    ip dhcp pool INTERN
    network 10.1.0.0 255.255.255.240
    lease 10
    !
    ip dhcp pool DEFAULT
    network 10.0.0.0 255.255.255.240
    lease 10
    !
    !
    no aaa new-model
    !
    dot11 ssid intern
    vlan 250
    authentication open
    !
    !
    !
    username Cisco password 7 14341B180F0B
    !
    bridge irb
    !
    !
    interface Dot11Radio0
    no ip address
    no ip route-cache
    !
    encryption vlan 250 key 1 size 128bit 7 ED8B9B24F79337ABFC10BFF2126B transmit-key
    encryption vlan 250 mode wep mandatory
    !
    ssid intern
    !
    speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
    channel 2447
    station-role root
    bridge-group 1
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    !
    interface Dot11Radio0.250
    encapsulation dot1Q 250
    ip address 10.1.0.1 255.255.255.240
    no ip route-cache
    bridge-group 250
    bridge-group 250 subscriber-loop-control
    bridge-group 250 block-unknown-source
    no bridge-group 250 source-learning
    no bridge-group 250 unicast-flooding
    bridge-group 250 spanning-disabled
    !
    interface FastEthernet0
    no ip address
    no ip route-cache
    duplex auto
    speed auto
    bridge-group 1
    no bridge-group 1 source-learning
    bridge-group 1 spanning-disabled
    !
    interface FastEthernet0.250
    encapsulation dot1Q 250
    no ip route-cache
    bridge-group 250
    no bridge-group 250 source-learning
    bridge-group 250 spanning-disabled
    !
    interface BVI1
    ip address 10.0.0.2 255.255.255.240
    no ip route-cache
    !
    interface BVI250
    ip address 10.1.0.2 255.255.255.240
    no ip route-cache
    !
    ip http server
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    !
    !
    control-plane
    !
    bridge 1 route ip
    !
    !
    !
    line con 0
    transport preferred all
    transport output all
    line vty 0 4
    login local
    transport preferred all
    transport input all
    transport output all
    line vty 5 15
    login
    transport preferred all
    transport input all
    transport output all
    !
    end


    3. turned on "debug dhcp detail", connected to the AP, the output goes
    like that:
    *Mar 1 02:16:24.967: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 0040.96a8.0737 Reason: Disassociated because sending station is leaving (or has left) BSS
    *Mar 1 02:16:26.254: DHCPD: checking for expired leases.
    *Mar 1 02:16:32.690: %DOT11-6-ASSOC: Interface Dot11Radio0, Station DEG-THO2 0040.96a8.0737 Associated KEY_MGMT[NONE]


    nothing more after associate with AP
    bck, Apr 9, 2006
    #3
  4. bck

    Merv Guest

    1. SSID "intern" needs to be configured to be part of VLAN 250

    see Cisco doc Configuring VLANS
    http://www.cisco.com/en/US/products...figuration_guide_chapter09186a00804e7d4e.html


    2. disable encryption on SSID intern until the DHCP issue is addressed.

    3. ensure wireless client has successfully associated
    show dot11 assoc client

    4. check DHCP to see that DHCP discovery messages are being
    received from wireless client
    show ip dhcp binding
    show ip dhcp server statistics
    Merv, Apr 9, 2006
    #4
  5. bck

    bck Guest

    1. Yes I have this document too, and I really wondered why I can't do
    the following on my AP:
    IPA2006_AP1(config)#int
    IPA2006_AP1(config)#int do0
    IPA2006_AP1(config-if)#ssi
    IPA2006_AP1(config-if)#ssid intern
    IPA2006_AP1(config-if)#vlan 250
    ^
    % Invalid input detected at '^' marker.

    But in my config there's the section:
    dot11 ssid intern
    vlan 250
    authentication open

    So, I assume that the SSID 'intern' is configured to be part of VLAN
    250.
    I checked DHCP but there's nothing that would help. It just happens
    nothing!
    Oh, and Yes, clients do associate successfully with the AP. Even the
    repeater does it.
    bck, Apr 9, 2006
    #5
  6. bck

    Merv Guest

    Looks like Cisco may have changed some command usage:

    dot11 ssid

    Use the dot11 ssid global configuration command to create a global
    SSID. The SSID is inactive until you use the ssid configuration
    interface command to assign the SSID to a specific radio interface.

    dot11 ssid ssid

    In Cisco IOS Release 12.3(4)JA, you can configure SSIDs globally or for
    a specific radio interface. However, when you create an SSID using the
    ssid configuration interface command, the access point stores the SSID
    in global configuration mode.
    Syntax Description

    This command has no arguments or keywords.
    Defaults

    This command has no defaults.
    Command Modes

    Global configuration
    Command History
    Release

    Modification

    12.3(2)JA


    This command was introduced.

    Examples

    This example shows how to:

    ·Create an SSID in global configuration mode

    ·Configure the SSID for RADIUS accounting

    ·Set the maximum number of client devices that can associate using
    this SSID to 15

    ·Assign the SSID to a VLAN

    ·Assign the SSID to a radio interface

    AP# configure terminal

    AP(config)# dot11 ssid batman

    AP(config-ssid)# accounting accounting-method-list

    AP(config-ssid)# max-associations 15

    AP(config-ssid)# vlan 3762

    AP(config-ssid)# exit

    AP(config)# interface dot11radio 0

    AP(config-if)# ssid batman




    so try :


    ! configure SSID intern at global config command level

    dot11 ssid intern
    vlan 250
    authentication open
    exit
    exit

    ! apply the SSID intern to interface d0

    int d0
    ssid intern
    exit
    Merv, Apr 9, 2006
    #6
  7. bck

    thrill5 Guest

    You can't configure the same VLAN with two different IP subnets. If you want
    the radio and fast Ethernet to be on different subnets then change the VLAN
    number on the radio (or get rid of it completely) and delete the bridge
    config.

    Scott

    thrill5, Apr 10, 2006
    #7
  8. bck

    bck Guest

    Yep, I see.
    But that's exactly the same I already have in my config, isn't it?
    bck, Apr 10, 2006
    #8
  9. bck

    bck Guest

    Well, I don't wanna configure the same VLAN with two different IP
    subnets. And I don't want the radio and the Ethernet to be on different
    subnets either.

    The thing I want:
    2 DHCP Pools (INTERN, EXTERN)
    2 SSIDs (intern, extern)
    When you connect with SSID 'intern' you get an IP Address out of the
    INTERN Pool and vice versa.

    Therefore I actually need 2 different VLANs associated with SSIDs.
    bck, Apr 10, 2006
    #9
  10. bck

    bck Guest

    My current running config:

    !
    version 12.3
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname IPA2006_AP1
    !
    logging buffered 10000 debugging
    enable secret 5 $1$SmqK$SohoAaAZCXOxIzUeh5WOw/
    !
    ip subnet-zero
    ip dhcp excluded-address 10.1.0.1
    ip dhcp excluded-address 10.0.0.1 10.0.0.4
    !
    ip dhcp pool INTERN
    network 10.1.0.0 255.255.255.240
    default-router 10.1.0.1
    dns-server 212.90.199.2
    lease 10
    !
    ip dhcp pool EXTERN
    network 10.2.0.0 255.255.255.240
    default-router 10.2.0.1
    dns-server 212.90.199.2
    lease 10
    !
    ip dhcp pool TESTPPOL
    network 10.0.0.0 255.255.255.240
    lease 10
    !
    !
    aaa new-model
    !
    !
    aaa group server radius rad_eap
    server 10.0.0.2 auth-port 1812 acct-port 1813
    !
    aaa group server radius rad_mac
    !
    aaa group server radius rad_acct
    !
    aaa group server radius rad_admin
    cache expiry 1
    cache authorization profile admin_cache
    cache authentication profile admin_cache
    !
    aaa group server tacacs+ tac_admin
    cache expiry 1
    cache authorization profile admin_cache
    cache authentication profile admin_cache
    !
    aaa group server radius rad_pmip
    !
    aaa group server radius dummy
    !
    aaa authentication login eap_methods group rad_eap
    aaa authentication login mac_methods local
    aaa authorization exec default local
    aaa accounting network acct_methods start-stop group rad_acct
    aaa cache profile admin_cache
    all
    !
    aaa session-id common
    dot11 vlan-name extern vlan 251
    !
    dot11 ssid extern
    vlan 251
    authentication open
    !
    dot11 ssid infrastructure
    vlan 1
    authentication open
    infrastructure-ssid
    !
    dot11 ssid intern
    vlan 250
    authentication open mac-address mac_methods eap eap_methods
    authentication network-eap eap_methods
    authentication key-management wpa
    !
    !
    !
    username Cisco password 7 14341B180F0B
    username 004096a80737 password 7 0256540F5B5F5920141E5E4A52
    username 004096a80737 autocommand exit
    !
    bridge irb
    !
    !
    interface Dot11Radio0
    no ip address
    no ip route-cache
    !
    encryption mode ciphers aes-ccm tkip wep128
    !
    encryption vlan 250 mode ciphers aes-ccm tkip
    !
    broadcast-key change 18000
    !
    broadcast-key vlan 250 change 18000
    !
    !
    ssid extern
    !
    ssid infrastructure
    !
    ssid intern
    !
    speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
    channel 2447
    station-role root
    !
    interface Dot11Radio0.1
    encapsulation dot1Q 1 native
    no ip route-cache
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    !
    interface Dot11Radio0.250
    encapsulation dot1Q 250
    ip address 10.1.0.1 255.255.255.240
    no ip route-cache
    !
    interface Dot11Radio0.251
    encapsulation dot1Q 251
    ip address 10.2.0.1 255.255.255.240
    no ip route-cache
    !
    interface FastEthernet0
    no ip address
    no ip route-cache
    duplex auto
    speed auto
    hold-queue 160 in
    !
    interface FastEthernet0.1
    encapsulation dot1Q 1 native
    no ip route-cache
    bridge-group 1
    no bridge-group 1 source-learning
    bridge-group 1 spanning-disabled
    !
    interface BVI1
    ip address 10.0.0.2 255.255.255.240
    no ip route-cache
    !
    ip http server
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    ip radius source-interface BVI1
    !
    radius-server local
    nas 10.0.0.2 key 7 071C244F5C0C0D
    user hstucki nthash 7 0558222D056918504E2140435D55540B7C7271616576312234525304010B050356
    !
    radius-server attribute 32 include-in-access-req format %h
    radius-server host 10.0.0.2 auth-port 1812 acct-port 1813 key 7 0518030C33495A
    radius-server vsa send accounting
    !
    control-plane
    !
    bridge 1 protocol ieee
    bridge 1 route ip
    !
    !
    !
    line con 0
    line vty 5 15
    !
    end


    And still:
    When I connect to FaEth0 with a CAT5 Cable, I get an IP-Address out of
    the TESTPOOL. With enabled DHCP Debug Messages I see all the
    Choreography successfully.

    When I connect over the WLAN Adapter with an SSID intern or extern, I
    don't see anything and I get the std. 169.x.x.x crap.
    bck, Apr 10, 2006
    #10
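
The goal stated in posts #9 and #10 (each SSID handing out addresses from its own pool, so access-lists can be written per subnet) depends on a chain that must resolve for every SSID: SSID, VLAN, radio subinterface, routed address, DHCP pool. The Python below is an added example, not part of any poster's message and not a Cisco tool; it walks that chain over a constructed excerpt of the config posted above (the `guest` SSID is invented to show a break). It assumes IOS serves a directly connected client from the pool whose network contains the address of the receiving interface, or of the BVI when the subinterface is bridged.

```python
import ipaddress
import re

# Constructed sample: trimmed from the running config posted above, indented
# as IOS prints it. SSID "guest" / VLAN 252 is invented to show a broken chain.
SAMPLE_CONFIG = """\
ip dhcp pool INTERN
 network 10.1.0.0 255.255.255.240
ip dhcp pool EXTERN
 network 10.2.0.0 255.255.255.240
ip dhcp pool TESTPPOL
 network 10.0.0.0 255.255.255.240
dot11 ssid extern
 vlan 251
dot11 ssid infrastructure
 vlan 1
dot11 ssid intern
 vlan 250
dot11 ssid guest
 vlan 252
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 bridge-group 1
interface Dot11Radio0.250
 encapsulation dot1Q 250
 ip address 10.1.0.1 255.255.255.240
interface Dot11Radio0.251
 encapsulation dot1Q 251
 ip address 10.2.0.1 255.255.255.240
interface BVI1
 ip address 10.0.0.2 255.255.255.240
"""

HEADER = re.compile(r"(ip dhcp pool|dot11 ssid|interface)\s+(\S+)$")


def parse(config):
    """Return (pools, ssids, ifaces) found in IOS-style indented config text."""
    pools, ssids, ifaces = {}, {}, {}
    kind = name = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw[0].isspace():  # unindented line: a new top-level section
            m = HEADER.match(line)
            kind, name = m.groups() if m else (None, None)
            if kind == "interface":
                ifaces[name] = {"vlan": None, "ip": None, "bridge": None}
        elif kind == "ip dhcp pool" and (m := re.match(r"network (\S+) (\S+)$", line)):
            pools[name] = ipaddress.ip_network("/".join(m.groups()))
        elif kind == "dot11 ssid" and (m := re.match(r"vlan (\d+)$", line)):
            ssids[name] = int(m.group(1))
        elif kind == "interface" and (m := re.match(r"encapsulation dot1Q (\d+)", line)):
            ifaces[name]["vlan"] = int(m.group(1))
        elif kind == "interface" and (m := re.match(r"ip address (\S+) (\S+)$", line)):
            ifaces[name]["ip"] = ipaddress.ip_interface("/".join(m.groups()))
        elif kind == "interface" and (m := re.match(r"bridge-group (\d+)$", line)):
            ifaces[name]["bridge"] = int(m.group(1))
    return pools, ssids, ifaces


def audit(config):
    """Map each SSID to (pool name or None, how the chain resolved)."""
    pools, ssids, ifaces = parse(config)
    report = {}
    for ssid, vlan in ssids.items():
        sub = next((n for n, i in ifaces.items()
                    if n.startswith("Dot11Radio") and i["vlan"] == vlan), None)
        if sub is None:
            report[ssid] = (None, f"VLAN {vlan} has no Dot11Radio subinterface")
            continue
        # A bridged subinterface with no address is routed through its BVI.
        l3 = sub
        if ifaces[sub]["ip"] is None and ifaces[sub]["bridge"] is not None:
            l3 = f"BVI{ifaces[sub]['bridge']}"
        addr = ifaces.get(l3, {}).get("ip")
        pool = next((p for p, net in pools.items()
                     if addr is not None and addr.ip in net), None)
        detail = f"VLAN {vlan} via {l3} {addr or 'no IP address'}"
        report[ssid] = (pool, detail if pool else detail + ": no matching DHCP pool")
    return report

if __name__ == "__main__":
    for ssid, (pool, detail) in audit(SAMPLE_CONFIG).items():
        print(f"{ssid:15} {pool or 'NO POOL':9} {detail}")
```

The parser relies on IOS indentation, which the forum software stripped from the posted configs, so feed it text copied from the device rather than from this page.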
  11. bck

    Merv Guest

    To carry VLAN 1 on 1Q trunk to upstream switch

    interface FastEthernet0
    no bridge-group 1

    interface FastEthernet0.1
    encapsulation dot1Q 1 native
    bridge-group 1
    no bridge-group 1 source-learning
    bridge-group 1 spanning-disabled
    exit

    Make sure the BVI1 interface (10.0.0.2 ) is still pingable after this
    change

    Please post output of
    show dot11 assoc client

    show mac-address-table

    show vlan
    Merv, Apr 10, 2006
    #11
  12. bck

    bck Guest

    Ok, I didn't actually have to make any change. What you suggested,

    interface FastEthernet0
    no bridge-group 1

    interface FastEthernet0.1
    encapsulation dot1Q 1 native
    bridge-group 1
    no bridge-group 1 source-learning
    bridge-group 1 spanning-disabled
    exit

    Is already active.


    1. show dot11 asso output:
    802.11 Client Stations on Dot11Radio0:

    SSID [infrastructure] :

    MAC Address    IP address  Device         Name            Parent  State
    000b.be81.8fcc 10.0.0.3    ap1100-Rptr    IPA2006_AP2     self    Assoc

    SSID [intern] :

    MAC Address    IP address  Device         Name            Parent  State
    0040.96a8.0737 127.0.0.1   CB21AG/PI21AG  HOTSPOT-NB1053  self    EAP-Assoc


    2. show mac-address-table: can't find this command.

    3. show vlans
    Virtual LAN ID: 1 (IEEE 802.1Q Encapsulation)

    vLAN Trunk Interfaces: Dot11Radio0.1
    FastEthernet0.1
    Virtual-Dot11Radio0.1

    This is configured as native Vlan for the following interface(s) :
    Dot11Radio0
    FastEthernet0
    Virtual-Dot11Radio0

    Protocols Configured:   Address:          Received:   Transmitted:
    Bridging                Bridge Group 1    3008        88
    Other                                     0           436

    2946 packets, 492649 bytes input
    193 packets, 54302 bytes output
    Bridging                Bridge Group 1    3012        88
    Other                                     0           436

    784 packets, 89513 bytes input
    147 packets, 52412 bytes output
    Bridging                Bridge Group 1    3013        88
    Other                                     0           436

    0 packets, 0 bytes input
    187 packets, 54583 bytes output

    Virtual LAN ID: 250 (IEEE 802.1Q Encapsulation)

    vLAN Trunk Interfaces: Dot11Radio0.250
    Virtual-Dot11Radio0.250

    Protocols Configured:   Address:          Received:   Transmitted:
    IP                      10.1.0.1          5           3
    Other                                     0           18

    76 packets, 11995 bytes input
    15 packets, 1305 bytes output
    IP                      10.1.0.1
    Other                                     0           18

    0 packets, 0 bytes input
    6 packets, 592 bytes output

    Virtual LAN ID: 251 (IEEE 802.1Q Encapsulation)

    vLAN Trunk Interfaces: Dot11Radio0.251
    Virtual-Dot11Radio0.251

    Protocols Configured:   Address:          Received:   Transmitted:
    IP                      10.2.0.1          12          18
    Other                                     0           18

    138 packets, 34663 bytes input
    30 packets, 1995 bytes output
    IP                      10.2.0.1
    Other                                     0           18

    0 packets, 0 bytes input
    6 packets, 592 bytes output
    bck, Apr 10, 2006
    #12
  13. bck

    bck Guest

    bck, Apr 10, 2006
    #13
  14. bck

    Merv Guest

    The formatted output was much easier to read

    It does not look like you have any client PC's associated to the AP -
    is this correct ?

    If this is the case can you have a PC associate and post output of
    show dot11 assoc client
    Merv, Apr 10, 2006
    #14
  15. bck

    bck Guest

    Nope, that's not correct. I do have a Client associated:
    http://bck.539.ch/output, with SSID intern, EAP-Associated.

    With show dot11 assoc client it just shows only this line. (SSID
    [intern] : )
    bck, Apr 10, 2006
    #15
  16. bck

    Merv Guest

    0040.96a8.0737 is the client PC under test ?


    It looks like you have WEP configured.

    We had a recent situation where a wireless client could not get a DHCP
    address because the WEP key number did not match that of the AP. So you
    may want to check that. If that does not work, then I would remove
    WEP encryption until the DHCP issue is resolved.
    Merv, Apr 10, 2006
    #16
  17. bck

    Merv Guest

    What is the version of the client software being used with the CB21AG ?
    Merv, Apr 10, 2006
    #17
  18. Please see my followup to your posting in "alt.internet.wireless".
    (FYI, if you want to post your article in two groups, please do it
    via a single posting (with multiple groups listed in the Newsgroups
    header), rather than via two independent postings.)

    Regards,

    Aaron

    Aaron Leonard, Apr 10, 2006
    #18
  19. bck

    bck Guest

    Hi Aaron,

    Thanks for the advice (Multiple Groups) I didn't realize you can
    actually do that.
    And, thank you for your time-saving follow-up in
    "alt.internet.wireless".

    Kind Regards,
    Thomas
    bck, Apr 10, 2006
    #19